metasploit | c0017f1a8a644d373a55a351baffaeddca0718deb627e7d0157bfc9a78bbe694 | Triage

Sharing

General

Target

add093e384ff21c31aa42dc77c5a111f_JaffaCakes118
Size

318KB
Sample

241128-2rlhestmay
MD5

add093e384ff21c31aa42dc77c5a111f
SHA1

b864ab4b45979b819f1fce56849fd1f57a4fefd1
SHA256

c0017f1a8a644d373a55a351baffaeddca0718deb627e7d0157bfc9a78bbe694
SHA512

1e9b67124794ce1a522c9a4a36e9d83718f17e6cc3875f1bdaf726a66da1b79f37a5c89c6e9f996d1ddeaa14b8b9d84055b1cffca589a810a3ddadc2e79c2d85
SSDEEP

6144:kfiSMzzsnQ3WL24QFzF77OjcJEVSj090xrG8i6obiV:kfrMzzsnGWyEcCK1rG8Hog

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  add093e384ff21c31aa42dc77c5a111f_JaffaCakes118
- Size
  
  318KB
- MD5
  
  add093e384ff21c31aa42dc77c5a111f
- SHA1
  
  b864ab4b45979b819f1fce56849fd1f57a4fefd1
- SHA256
  
  c0017f1a8a644d373a55a351baffaeddca0718deb627e7d0157bfc9a78bbe694
- SHA512
  
  1e9b67124794ce1a522c9a4a36e9d83718f17e6cc3875f1bdaf726a66da1b79f37a5c89c6e9f996d1ddeaa14b8b9d84055b1cffca589a810a3ddadc2e79c2d85
- SSDEEP
  
  6144:kfiSMzzsnQ3WL24QFzF77OjcJEVSj090xrG8i6obiV:kfrMzzsnGWyEcCK1rG8Hog
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan